neshta | 097d919fb061ccde8a8c725c626ce87282e5049789cd05b1d413ba936e322bed | Triage

Submit
Reports

Overview

overview

Static

static

24568f5217...18.exe

windows7-x64

24568f5217...18.exe

windows10-2004-x64

Sharing

General

Target

24568f521777a9ce638b44bee8bd6d56_JaffaCakes118
Size

213KB
Sample

240704-c11ahazdqn
MD5

24568f521777a9ce638b44bee8bd6d56
SHA1

be66c7ebbfa4d705da7a41dd8ff8289fdf12fd65
SHA256

097d919fb061ccde8a8c725c626ce87282e5049789cd05b1d413ba936e322bed
SHA512

c6c44f2f323f379486c3d7b27e0b6e6f766c7a152cd1ca15c702e58a953cb8cddf8a573cf2b9d972087143531d569130e867dbed6738293f38c2692d189151dd
SSDEEP

3072:sr85CDVP6CIqmpRvFLifSC1EKyAqiv/sZpMmZMCNZDgKlGD7rmk:k90RpRvFLiEtTZqmZZNpngXmk

Score

10^/10

neshta persistence spyware stealer

Static task

static1

3 signatures

Behavioral task

behavioral1

Sample

24568f521777a9ce638b44bee8bd6d56_JaffaCakes118.exe

Resource

win7-20240508-en

neshta persistence spyware stealer

windows7-x64

12 signatures

150 seconds

Behavioral task

behavioral2

Sample

24568f521777a9ce638b44bee8bd6d56_JaffaCakes118.exe

Resource

win10v2004-20240611-en

neshta persistence spyware stealer

windows10-2004-x64

12 signatures

150 seconds

Malware Config

Targets

- Target
  
  24568f521777a9ce638b44bee8bd6d56_JaffaCakes118
- Size
  
  213KB
- MD5
  
  24568f521777a9ce638b44bee8bd6d56
- SHA1
  
  be66c7ebbfa4d705da7a41dd8ff8289fdf12fd65
- SHA256
  
  097d919fb061ccde8a8c725c626ce87282e5049789cd05b1d413ba936e322bed
- SHA512
  
  c6c44f2f323f379486c3d7b27e0b6e6f766c7a152cd1ca15c702e58a953cb8cddf8a573cf2b9d972087143531d569130e867dbed6738293f38c2692d189151dd
- SSDEEP
  
  3072:sr85CDVP6CIqmpRvFLifSC1EKyAqiv/sZpMmZMCNZDgKlGD7rmk:k90RpRvFLiEtTZqmZZNpngXmk
Score

10^/10

neshta persistence spyware stealer
- Detect Neshta payload
- Neshta
  Malware from the neshta family is designed to infect itself into other files to spread itself and cause damage.
  persistence spyware neshta
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Executes dropped EXE
- Loads dropped DLL
- Modifies system executable filetype association
  persistence
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Event Triggered Execution

Change Default File Association

Privilege Escalation

Event Triggered Execution

Change Default File Association

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

neshtapersistencespywarestealer

behavioral2

neshtapersistencespywarestealer

© 2018-2024

Terms | Privacy